422615c8d808550754675e825e1af240833928de9f8da026008b22ada2f16cd7

Analysis

max time kernel
59s
max time network
61s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23-01-2024 05:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0F8498114C7A081EE0630A00BA4DFF2E.exe
Size

782KB
MD5

8e2f08deaac5bddbb57f3c5d40ea8bd0
SHA1

be7842f6e42e7ec89285ef2c65f84952ffebdbd5
SHA256

59559873eaa5a5b25f029c6768a22d3e84b03b7467cc764ea5f081edc0bfeb58
SHA512

ac2e98db25f2a867383d47f77076b0133242f6492eab7578db557b8c56a57443525f8a57e76438462bc65d9d04a742ea646b1f1351d2970f29fa569debe3a200
SSDEEP

24576:3fLMW38ZStHH1tbAKovtn2X4nTFu8EG4W4:voJZ8HH1tPovtnc4TFcG4W4

Score

7^/10

persistence

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

0F8498114C7A081EE0630A00BA4DFF2E.exe

pid process

3108 0F8498114C7A081EE0630A00BA4DFF2E.exe

pid	process
3108	0F8498114C7A081EE0630A00BA4DFF2E.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

wab.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Larvefdders = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Hyperite\\Skibsstningers.exe"	wab.exe

Suspicious use of NtCreateThreadExHideFromDebugger 2 IoCs

Processes:

wab.exe

pid process

3864 wab.exe
3864 wab.exe
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

Processes:

0F8498114C7A081EE0630A00BA4DFF2E.exewab.exe

pid process

3108 0F8498114C7A081EE0630A00BA4DFF2E.exe
3864 wab.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

0F8498114C7A081EE0630A00BA4DFF2E.exe

description pid process target process

PID 3108 set thread context of 3864 3108 0F8498114C7A081EE0630A00BA4DFF2E.exe wab.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: MapViewOfSection 1 IoCs

Processes:

0F8498114C7A081EE0630A00BA4DFF2E.exe

pid process

3108 0F8498114C7A081EE0630A00BA4DFF2E.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

wab.exe

pid process

3864 wab.exe

pid	process
3864	wab.exe
3864	wab.exe

pid	process
3108	0F8498114C7A081EE0630A00BA4DFF2E.exe
3864	wab.exe

description	pid	process	target process
PID 3108 set thread context of 3864	3108	0F8498114C7A081EE0630A00BA4DFF2E.exe	wab.exe

pid	process
3108	0F8498114C7A081EE0630A00BA4DFF2E.exe

pid	process
3864	wab.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

0F8498114C7A081EE0630A00BA4DFF2E.exe

description	pid	process	target process
PID 3108 wrote to memory of 3864	3108	0F8498114C7A081EE0630A00BA4DFF2E.exe	wab.exe
PID 3108 wrote to memory of 3864	3108	0F8498114C7A081EE0630A00BA4DFF2E.exe	wab.exe
PID 3108 wrote to memory of 3864	3108	0F8498114C7A081EE0630A00BA4DFF2E.exe	wab.exe
PID 3108 wrote to memory of 3864	3108	0F8498114C7A081EE0630A00BA4DFF2E.exe	wab.exe
PID 3108 wrote to memory of 3864	3108	0F8498114C7A081EE0630A00BA4DFF2E.exe	wab.exe

C:\Users\Admin\AppData\Local\Temp\0F8498114C7A081EE0630A00BA4DFF2E.exe
"C:\Users\Admin\AppData\Local\Temp\0F8498114C7A081EE0630A00BA4DFF2E.exe"
1⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:3108

C:\Program Files (x86)\windows mail\wab.exe
"C:\Users\Admin\AppData\Local\Temp\0F8498114C7A081EE0630A00BA4DFF2E.exe"
2⤵
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:3864

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsl5527.tmp\System.dll
Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
memory/3108-15-0x00000000773D1000-0x00000000774F1000-memory.dmp

Filesize
1.1MB

Download
memory/3108-16-0x0000000074230000-0x0000000074237000-memory.dmp

Filesize
28KB

Download
memory/3864-17-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-18-0x0000000077458000-0x0000000077459000-memory.dmp

Filesize
4KB

Download
memory/3864-19-0x00000000773D1000-0x00000000774F1000-memory.dmp

Filesize
1.1MB

Download
memory/3864-29-0x00000000773D1000-0x00000000774F1000-memory.dmp

Filesize
1.1MB

Download
memory/3864-30-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-31-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-28-0x00000000008B0000-0x000000000434F000-memory.dmp

Filesize
58.6MB

Download
memory/3864-32-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-33-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-34-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-35-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-36-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-37-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-38-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-39-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-40-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-41-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-42-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-43-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-44-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-45-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-46-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-47-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-48-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-49-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-50-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-51-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-52-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-53-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-54-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-55-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-56-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-58-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-59-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-60-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-61-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-62-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-63-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-64-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-65-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-66-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-67-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-70-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-71-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-72-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-73-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-74-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-75-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-77-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-76-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-78-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-79-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-80-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-81-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-82-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-83-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-84-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-85-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-86-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-87-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-88-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-89-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-90-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download
memory/3864-91-0x0000000072FD0000-0x0000000074224000-memory.dmp

Filesize
18.3MB

Download